Phishing attack nets Tumblr logins

This is a screenshot of a phishing page that is stealing Tumblr users' login credentials.
GFI Labs

For the past few days users of microblogging site Tumblr have been targeted with phishing scams that require people to type in their login credentials to see adult content, GFI Labs warned today.

"The data we saw contained 8,200 lines of text stretched across 304 pages of Microsoft Word, and even accounting for the inevitable duplicates and fake data that's still quite the goldmine of pilfered login credentials," the post says.

The attack displays pages of Tumblr users whose accounts have been compromised and converted into fake login pages and the Web addresses are redistributed, the post says, adding that some of the compromised accounts were prompting people to login on that same page while others were redirecting people to a different Web site.

The problem has become so pervasive that Tumblr users set up anti-phishing sites to help prevent others from being duped, according to GFI Labs. Several domains that were used in the scam are now inaccessible, the company said.

GFI Labs speculated that the stolen accounts might be harvested for use in some advertising affiliate scam or they could be tested to see if people have used the same credentials on other sites.